Disable TLS certificate verification to make it more worky.

[dead/halcyon.git] / src / Twitter / Http.hs

diff --git a/src/Twitter/Http.hs b/src/Twitter/Http.hs
index 21e47ba1b6352f71b5f5d439f6cf94e848c78c19..6862ffc0f8f23b3d7485c2f82ea86da4ff21bf81 100644 (file)
--- a/src/Twitter/Http.hs
+++ b/src/Twitter/Http.hs
@@ -6,12 +6,14 @@ where
 
 import qualified Data.ByteString.Lazy as B ( ByteString )
 import qualified Data.ByteString.Char8 as BC ( pack )
+import Network.Connection ( TLSSettings(..) )
 import Network.HTTP.Client (
+  ManagerSettings,
   httpLbs,
   newManager,
   parseUrl,
   responseBody )
-import Network.HTTP.Client.TLS ( tlsManagerSettings )
+import Network.HTTP.Client.TLS ( mkManagerSettings )
 import Web.Authenticate.OAuth (
   OAuth(..),
   Credential,
@@ -74,12 +76,32 @@ get_user_new_statuses cfg username last_status_id = do
   http_get cfg uri
 
 
+-- | The default 'tlsManagerSettings' attempts to verify the
+--   certificate that we get from the server, but it's quite pointless
+--   for our purposes.
+--
+--   The default  'tlsManagerSettings' is constructed is like,
+--
+--     tlsManagerSettings = mkManagerSettings def Nothing
+--
+--   and the 'def' passes in a 'TLSSettings' from
+--   \"Network.Connection\". By constructing our own 'TLSSettings', we
+--   can disable the certificate validation.
+--
+novalidate_tls_manager_settings :: ManagerSettings
+novalidate_tls_manager_settings =
+  mkManagerSettings mytls Nothing
+  where
+    -- The first field is "disable validation"
+    mytls = TLSSettingsSimple True False False
+
+
 -- | Retrieve a URL, or crash. The request is signed using all of the
 --   OAuth junk contained in the configuration.
 --
 http_get :: Cfg -> String -> IO B.ByteString
 http_get cfg url = do
-  manager <- newManager tlsManagerSettings
+  manager <- newManager novalidate_tls_manager_settings
   request <- parseUrl url
   signed_request <- signOAuth oauth credential request
   response <- httpLbs signed_request manager